Close
logodocs

Relays

Relays, much like Gateways, are how the strongDM network connects with resources such as databases and servers. Unlike a Gateway, the Relay does not listen for client connections.

When might this be helpful? For a secure network where you are not able to expose ports, the strongDM Relay is the answer. The Relay will dial out to connect to your Gateways, preserving the egress-only nature of your firewall, but allowing your strongDM clients to reach any configured resources in the network via those connections.

Generating a Relay token

  1. Generate a relay token. Log into the Admin UI and select Network and Relays in the navigation. Click on the add relay button in the upper right, and a box will pop up. You can rename the relay here, or do it later. Click on create and the relay token will appear onscreen.

    New Relay
    New Relay
    Copy the relay token and put it aside. You will need it again in a later step.

  2. Set up a 64-bit Linux instance that will run the relay. Machines should have at least 2 CPUs and 4 GB of memory. If the instance is using SELinux you will need to disable SELinux to install the relay.

  3. Log in to the relay instance and download the SDM binary: $ curl -J -O -L https://app.strongdm.com/releases/cli/linux

  4. Unzip it: $ unzip sdmcli_*_linux_amd64.zip

  5. Run the installer: $ sudo ./sdm install --relay

    The installer must be run by a user that exists in the /etc/passwd file. Any users remotely authenticated, such as with LDAP or an SSO service, will fail to complete the installation.

  6. You will be prompted for the Relay token you created in Step 1. Paste it into the terminal and press enter. For security purposes you will not see the token on the screen.

  7. Log in to the Admin UI and the Relay you created should now appear as Online, with a heartbeat. You may need to hard refresh the page.

  8. Repeat this process to create a second Relay if you wish; we recommend running them in pairs for high-availability.

If any errors occur, please copy them into an email and send to support@strongdm.com.

Previous
Gateways
Next
Secret Store Integration Settings